Data stored in security namespaces is used to determine whether a user has permission to perform a specific action on a specific resource.
Typically, each family of resources (work items, Git repositories, etc.) is secured using a different namespace. Each security namespace contains zero or more access control lists. Each access control list contains a token, an inherit flag, and a set of zero or more access control entries. Each access control entry contains an identity descriptor, an allowed permissions bitmask, and a denied permissions bitmask.
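The structure described above can be modelled in memory together with a permission check; this is an added example, not code from the original page or from the service. The bit values, the `/` token separator, the sample identities, and the evaluation rules (deny beats allow, nearer tokens take precedence, the inherit flag stops the walk) are assumptions for illustration, not the service's documented algorithm.

```python
from dataclasses import dataclass, field

# Constructed permission bits; real namespaces define their own.
READ, CONTRIBUTE, FORCE_PUSH = 1, 2, 4

@dataclass
class AccessControlEntry:
    descriptor: str      # identity descriptor
    allow: int = 0       # allowed permissions bitmask
    deny: int = 0        # denied permissions bitmask

@dataclass
class AccessControlList:
    token: str
    inherit: bool = True                      # inherit flag
    aces: dict = field(default_factory=dict)  # descriptor -> AccessControlEntry

def make_acl(token, inherit, *aces):
    return AccessControlList(token, inherit, {a.descriptor: a for a in aces})

def effective_bits(namespace, token, descriptor, sep="/"):
    """Return (allow, deny) for descriptor on token.
    Assumed rules: walk from the token toward the root, a bit decided nearer
    the token is not changed by an ancestor, deny beats allow within one
    entry, and the walk stops at an ACL whose inherit flag is off."""
    allow = deny = 0
    parts = token.split(sep)
    for depth in range(len(parts), 0, -1):
        acl = namespace.get(sep.join(parts[:depth]))
        if acl is None:
            continue  # no ACL stored for this token; keep walking up
        ace = acl.aces.get(descriptor)
        if ace is not None:
            undecided = ~(allow | deny)
            deny |= ace.deny & undecided
            allow |= ace.allow & ~ace.deny & undecided
        if not acl.inherit:
            break
    return allow, deny

def has_permissions(namespace, token, descriptor, requested):
    allow, _ = effective_bits(namespace, token, descriptor)
    return (allow & requested) == requested

# Constructed sample namespace: token -> ACL.
NAMESPACE = {a.token: a for a in (
    make_acl("repo", True, AccessControlEntry("alice", READ | CONTRIBUTE),
             AccessControlEntry("bob", READ)),
    make_acl("repo/proj", True, AccessControlEntry("alice", deny=CONTRIBUTE)),
    make_acl("repo/proj/locked", False, AccessControlEntry("alice", READ)),
)}
```

In this model an identity with no entry on a token whose inherit flag is off gets no permissions there, which is why `bob` cannot read `repo/proj/locked` even though he can read `repo`.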
Get security namespaces
Get a list of security namespaces.
Get, add, and remove access control lists
- Get a list of access control lists in a security namespace.
- Add a list of access control lists to a security namespace.
- Remove a list of access control lists from a security namespace.
Add and remove access control entries
- Add a list of access control entries to an access control list.
- Remove a list of access control entries from an access control list.
Evaluate effective permissions
Determine if an identity has the requested permissions on a token or a list of tokens.
Selectively remove permissions
Remove permissions from an access control entry.